On Thu, Dec 11, 2008 at 02:14:13PM -0500, Brian Minton wrote:
> Is dropbear vulnerable to the CBC mode plaintext recovery attack described at
> http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Yes, Dropbear is most likely vulnerable to that attack. The best workaround (if you're running in the risky situation of a script that will automatically reconnect) is probably to use 0.52, which uses Counter Mode by default, which doesn't have problems.

On average an active attacker would have to disconnect several thousand connections before determining any cleartext, so the risk of attack for interactive sessions is low.

Matt
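An added example to go with the reply above (it is not part of Matt's message and not Dropbear code): SSH picks the cipher by the RFC 4253 section 7.1 rule, the first algorithm on the client's encryption_algorithms name-list that the server also supports. So a server that lists counter mode first only keeps a session off CBC when the client's own list agrees; a reconnecting script run from a client that still prefers CBC negotiates CBC against a CTR-by-default server. The name-lists below are constructed to illustrate CBC-first and CTR-first preference orders and are not captures from real Dropbear or OpenSSH builds; `negotiate`, `cipher_mode` and `assess` are helper names chosen here.

```python
"""Which cipher does an SSH session negotiate, and is it a CBC mode?

Added example, not Dropbear code. It applies the RFC 4253 section 7.1
selection rule to the encryption_algorithms name-lists exchanged in
SSH_MSG_KEXINIT and flags a CBC result. All name-lists are constructed
for illustration, not captured from real builds.
"""

# Constructed name-lists: comma-separated, in order of preference.
CBC_FIRST_SERVER = "aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,blowfish-cbc"
# A CTR-by-default build still keeps the CBC ciphers further down the list.
CTR_FIRST_SERVER = "aes128-ctr,3des-ctr,aes256-ctr," + CBC_FIRST_SERVER
# A client that offers CTR, but only after its CBC and RC4 choices.
CBC_FIRST_CLIENT = ("aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,"
                    "arcfour,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr")
# The client-side workaround: refuse to offer CBC at all.
CTR_ONLY_CLIENT = "aes128-ctr,aes192-ctr,aes256-ctr"


def negotiate(client_list, server_list):
    """RFC 4253 7.1: the first client-preferred algorithm the server supports.

    Returns None when the two lists share nothing (the connection fails).
    """
    server = set(server_list.split(","))
    for alg in client_list.split(","):
        if alg in server:
            return alg
    return None


def cipher_mode(name):
    """Classify an SSH cipher name by its mode of operation."""
    if name is None:
        return "none"
    if "-cbc" in name:           # aes128-cbc, rijndael-cbc@lysator.liu.se, ...
        return "cbc"
    if name.endswith("-ctr"):
        return "ctr"
    if name.startswith("arcfour"):
        return "stream"
    return "other"


def assess(client_list, server_list):
    """Report the negotiated cipher and whether it is a CBC mode.

    SSH negotiates the two directions separately; this example uses the same
    name-list for both, so one call covers the session.
    """
    cipher = negotiate(client_list, server_list)
    mode = cipher_mode(cipher)
    return {"cipher": cipher, "mode": mode, "cbc": mode == "cbc"}


if __name__ == "__main__":
    cases = [
        ("CTR-first client  vs CTR-first server", CTR_FIRST_SERVER, CTR_FIRST_SERVER),
        ("CBC-first client  vs CTR-first server", CBC_FIRST_CLIENT, CTR_FIRST_SERVER),
        ("CTR-only client   vs CTR-first server", CTR_ONLY_CLIENT, CTR_FIRST_SERVER),
        ("CTR-only client   vs CBC-first server", CTR_ONLY_CLIENT, CBC_FIRST_SERVER),
    ]
    for label, client, server in cases:
        r = assess(client, server)
        verdict = "CBC, exposed" if r["cbc"] else ("no common cipher" if r["cipher"] is None else "not CBC")
        print(f"{label}: {r['cipher']} ({verdict})")
```

The second case is the one to watch: the server prefers counter mode, but the client's list puts aes128-cbc first, so the session lands on CBC anyway. Fixing the reconnecting script therefore means fixing the client's cipher preference (or both ends), not only upgrading the server.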
